You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by fs...@apache.org on 2020/02/25 15:46:39 UTC
svn commit: r1874502 - in /tomcat/site/trunk: docs/security-7.html
docs/security-8.html docs/security-9.html xdocs/security-7.xml
xdocs/security-8.xml xdocs/security-9.xml xdocs/stylesheets/tomcat-site.xsl
Author: fschumacher
Date: Tue Feb 25 15:46:38 2020
New Revision: 1874502
URL: http://svn.apache.org/viewvc?rev=1874502&view=rev
Log:
Use full hash for git links
and shorten the text of the link on the fly while generating the docs with xslt.
The reconstruction of the long hashes were done with the following shell/perl/sed constructs:
sed -e "$(perl -M5.020 -ne 'say $1 if /hashlink hash="(\w+)"/' ../tomcat-site-trunk/xdocs/security-7.xml \
| while read i
do git log --pretty="s/\\b$i\\b/%H/g;" -l 1 $i^1..$i | cat
done)" -i ../tomcat-site-trunk/xdocs/security-7.xml
sed -i -e 's/\(hashlink hash="\w*"\)>\w*<\/hashlink/\1\//' ../tomcat-site-trunk/xdocs/security-7.xml
That was done for the three security files for tomcat 7, 8 and 9.
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml
tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl
Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue Feb 25 15:46:38 2020
@@ -82,10 +82,10 @@
will need to make small changes to their configurations as a result.</p>
<p>This was fixed with commits
- <a href="https://github.com/apache/tomcat/commit/0d633e7">0d633e7</a>,
- <a href="https://github.com/apache/tomcat/commit/40d5d93">40d5d93</a>,
- <a href="https://github.com/apache/tomcat/commit/b99fba5">b99fba5</a> and
- <a href="https://github.com/apache/tomcat/commit/f7180ba">f7180ba</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72">0d633e72</a>,
+ <a href="https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2">40d5d93b</a>,
+ <a href="https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba">b99fba5b</a> and
+ <a href="https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645">f7180baf</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team on 3 January
2020. The issue was made public on 24 February 2020.</p>
@@ -103,7 +103,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/702bf15">702bf15</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d">702bf15b</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 25 December 2019. The issue was made public on 24
@@ -122,7 +122,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/b191a0d">b191a0d</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8">b191a0d9</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 12 December 2019. The issue was made public on 24
@@ -142,7 +142,7 @@
vulnerability.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/ab72a10">ab72a10</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/ab72a106fe5d992abddda954e30849d7cf8cc583">ab72a106</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by William
Marlow (IBM) on 19 November 2019. The issue was made public on 18
@@ -172,7 +172,7 @@
vulnerability that enables this issue to be exploited remotely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/bef3f40">bef3f40</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b">bef3f404</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by An Trinh of
Viettel Cyber Security on 10 October 2019. The issue was made public on 18
@@ -195,7 +195,7 @@
blog</a>.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/7f0221b">7f0221b</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/7f0221b904956359f2d739aa3a2b53f8c12ed8c7">7f0221b9</a>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -213,7 +213,7 @@
in a production website.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/44ec74c">44ec74c</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/44ec74c44dcd05cd7e90967c04d40b51440ecd7e">44ec74c4</a>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
Modified: tomcat/site/trunk/docs/security-8.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Tue Feb 25 15:46:38 2020
@@ -87,12 +87,12 @@
will need to make small changes to their configurations as a result.</p>
<p>This was fixed with commits
- <a href="https://github.com/apache/tomcat/commit/69c5608">69c5608</a>,
- <a href="https://github.com/apache/tomcat/commit/b962835">b962835</a>,
- <a href="https://github.com/apache/tomcat/commit/5a5494f0">5a5494f0</a>,
- <a href="https://github.com/apache/tomcat/commit/9be5760">9be5760</a>,
- <a href="https://github.com/apache/tomcat/commit/64159aa">64159aa</a> and
- <a href="https://github.com/apache/tomcat/commit/03c4361">03c4361</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150">69c56080</a>,
+ <a href="https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75">b962835f</a>,
+ <a href="https://github.com/apache/tomcat/commit/5a5494f023e81aa353e262fb14fff4cd0338a67c">5a5494f0</a>,
+ <a href="https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5">9be57601</a>,
+ <a href="https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19">64159aa1</a> and
+ <a href="https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23">03c43612</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team on 3 January
2020. The issue was made public on 24 February 2020.</p>
@@ -110,7 +110,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/8fbe2e9">8fbe2e9</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56">8fbe2e96</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 25 December 2019. The issue was made public on 24
@@ -129,7 +129,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/959f1df">959f1df</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3">959f1dfd</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 12 December 2019. The issue was made public on 24
@@ -149,7 +149,7 @@
vulnerability.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/e19a202">e19a202</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c">e19a202e</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by William
Marlow (IBM) on 19 November 2019. The issue was made public on 18
@@ -181,7 +181,7 @@
vulnerability that enables this issue to be exploited remotely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/a91d7db">a91d7db</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00">a91d7db4</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by An Trinh of
Viettel Cyber Security on 10 October 2019. The issue was made public on 18
@@ -201,8 +201,8 @@
exhaustion and a DoS.</p>
<p>This was fixed with commits
- <a href="https://github.com/apache/tomcat/commit/0bcd69c">0bcd69c</a> and
- <a href="https://github.com/apache/tomcat/commit/8d14c6f">8d14c6f</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/0bcd69c9dd8ae0ff424f2cd46de51583510b7f35">0bcd69c9</a> and
+ <a href="https://github.com/apache/tomcat/commit/8d14c6f21d29768a39be4b6b9517060dc6606758">8d14c6f2</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by John
Simpson of Trend Micro Security Research working with Trend Micro's Zero
@@ -226,7 +226,7 @@
blog</a>.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/5bc4e6d">5bc4e6d</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/5bc4e6d7b1c22dc1bf99f475b7e70594ebdd83b9">5bc4e6d7</a>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -244,7 +244,7 @@
in a production website.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/4fcdf70">4fcdf70</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/4fcdf706f3ecf35912a600242f89637f5acb32da">4fcdf706</a>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -277,7 +277,7 @@
<a href="https://svn.apache.org/viewvc?view=rev&rev=1852722">1852722</a>,
<a href="https://svn.apache.org/viewvc?view=rev&rev=1852723">1852723</a>,
<a href="https://svn.apache.org/viewvc?view=rev&rev=1852724">1852724</a> and
- <a href="https://github.com/apache/tomcat/commit/60a3af1">60a3af1</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9">60a3af17</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by Michal Karm
Babacek from Red Hat, Inc on 4 January 2019 with additional issues
Modified: tomcat/site/trunk/docs/security-9.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Tue Feb 25 15:46:38 2020
@@ -82,11 +82,11 @@
will need to make small changes to their configurations as a result.</p>
<p>This was fixed with commits
- <a href="https://github.com/apache/tomcat/commit/0e8a50f">0e8a50f</a>,
- <a href="https://github.com/apache/tomcat/commit/9ac9053">9ac9053</a>,
- <a href="https://github.com/apache/tomcat/commit/64fa5b9">64fa5b9</a>,
- <a href="https://github.com/apache/tomcat/commit/7a1406a">7a1406a</a> and
- <a href="https://github.com/apache/tomcat/commit/49ad3f9">49ad3f9</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75">0e8a50f0</a>,
+ <a href="https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb">9ac90532</a>,
+ <a href="https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad">64fa5b99</a>,
+ <a href="https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957">7a1406a3</a> and
+ <a href="https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153">49ad3f95</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team on 3 January
2020. The issue was made public on 24 February 2020.</p>
@@ -104,7 +104,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/8bfb0ff">8bfb0ff</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26">8bfb0ff7</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 25 December 2019. The issue was made public on 24
@@ -123,7 +123,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/060ecc5">060ecc5</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998">060ecc5e</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 12 December 2019. The issue was made public on 24
@@ -143,7 +143,7 @@
vulnerability.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/1ecba14">1ecba14</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652">1ecba14e</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by William
Marlow (IBM) on 19 November 2019. The issue was made public on 18
@@ -169,7 +169,7 @@
vulnerability that enables this issue to be exploited remotely.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/1fc9f58">1fc9f58</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3">1fc9f589</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by An Trinh of
Viettel Cyber Security on 10 October 2019. The issue was made public on 18
@@ -189,8 +189,8 @@
exhaustion and a DoS.</p>
<p>This was fixed with commits
- <a href="https://github.com/apache/tomcat/commit/7f748eb">7f748eb</a> and
- <a href="https://github.com/apache/tomcat/commit/ada725a">ada725a</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/7f748eb6bfaba5207c89dbd7d5adf50fae847145">7f748eb6</a> and
+ <a href="https://github.com/apache/tomcat/commit/ada725a50a60867af3422c8e612aecaeea856a9a">ada725a5</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by John
Simpson of Trend Micro Security Research working with Trend Micro's Zero
@@ -222,7 +222,7 @@
blog</a>.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/4b244d8">4b244d8</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/4b244d827ade2a36ef3b8734939541207b78f35c">4b244d82</a>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -240,7 +240,7 @@
in a production website.</p>
<p>This was fixed with commit
- <a href="https://github.com/apache/tomcat/commit/15fcd16">15fcd16</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/15fcd166ea2c1bb79e8541b8e1a43da9c452ceea">15fcd166</a>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -276,7 +276,7 @@
<a href="https://svn.apache.org/viewvc?view=rev&rev=1852704">1852704</a>,
<a href="https://svn.apache.org/viewvc?view=rev&rev=1852705">1852705</a>,
<a href="https://svn.apache.org/viewvc?view=rev&rev=1852706">1852706</a> and
- <a href="https://github.com/apache/tomcat/commit/a1cb1ac">a1cb1ac</a>.</p>
+ <a href="https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d">a1cb1ac7</a>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by Michal Karm
Babacek from Red Hat, Inc on 4 January 2019 with additional issues
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue Feb 25 15:46:38 2020
@@ -93,10 +93,10 @@
will need to make small changes to their configurations as a result.</p>
<p>This was fixed with commits
- <hashlink hash="0d633e7">0d633e7</hashlink>,
- <hashlink hash="40d5d93">40d5d93</hashlink>,
- <hashlink hash="b99fba5">b99fba5</hashlink> and
- <hashlink hash="f7180ba">f7180ba</hashlink>.</p>
+ <hashlink hash="0d633e72ebc7b3c242d0081c23bba5e4dacd9b72"/>,
+ <hashlink hash="40d5d93bd284033cf4a1f77f5492444f83d803e2"/>,
+ <hashlink hash="b99fba5bd796d876ea536e83299603443842feba"/> and
+ <hashlink hash="f7180bafc74cb1250c9e9287b68a230f0e1f4645"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team on 3 January
2020. The issue was made public on 24 February 2020.</p>
@@ -114,7 +114,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <hashlink hash="702bf15">702bf15</hashlink>.</p>
+ <hashlink hash="702bf15bea292915684d931526d95d4990b2e73d"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 25 December 2019. The issue was made public on 24
@@ -133,7 +133,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <hashlink hash="b191a0d">b191a0d</hashlink>.</p>
+ <hashlink hash="b191a0d9cf06f4e04257c221bfe41d2b108a9cc8"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 12 December 2019. The issue was made public on 24
@@ -155,7 +155,7 @@
vulnerability.</p>
<p>This was fixed with commit
- <hashlink hash="ab72a10">ab72a10</hashlink>.</p>
+ <hashlink hash="ab72a106fe5d992abddda954e30849d7cf8cc583"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by William
Marlow (IBM) on 19 November 2019. The issue was made public on 18
@@ -185,7 +185,7 @@
vulnerability that enables this issue to be exploited remotely.</p>
<p>This was fixed with commit
- <hashlink hash="bef3f40">bef3f40</hashlink>.</p>
+ <hashlink hash="bef3f40400243348d12f4abfe9b413f43897c02b"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by An Trinh of
Viettel Cyber Security on 10 October 2019. The issue was made public on 18
@@ -210,7 +210,7 @@
blog</a>.</p>
<p>This was fixed with commit
- <hashlink hash="7f0221b">7f0221b</hashlink>.</p>
+ <hashlink hash="7f0221b904956359f2d739aa3a2b53f8c12ed8c7"/>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -228,7 +228,7 @@
in a production website.</p>
<p>This was fixed with commit
- <hashlink hash="44ec74c">44ec74c</hashlink>.</p>
+ <hashlink hash="44ec74c44dcd05cd7e90967c04d40b51440ecd7e"/>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Tue Feb 25 15:46:38 2020
@@ -99,12 +99,12 @@
will need to make small changes to their configurations as a result.</p>
<p>This was fixed with commits
- <hashlink hash="69c5608">69c5608</hashlink>,
- <hashlink hash="b962835">b962835</hashlink>,
- <hashlink hash="5a5494f0">5a5494f0</hashlink>,
- <hashlink hash="9be5760">9be5760</hashlink>,
- <hashlink hash="64159aa">64159aa</hashlink> and
- <hashlink hash="03c4361">03c4361</hashlink>.</p>
+ <hashlink hash="69c56080fb3355507e1b55d014ec0ee6767a6150"/>,
+ <hashlink hash="b962835f98b905286b78c414d5aaec2d0e711f75"/>,
+ <hashlink hash="5a5494f023e81aa353e262fb14fff4cd0338a67c"/>,
+ <hashlink hash="9be57601efb8a81e3832feb0dd60b1eb9d2b61d5"/>,
+ <hashlink hash="64159aa1d7cdc2c118fcb5eac098e70129d54a19"/> and
+ <hashlink hash="03c436126db6794db5277a3b3d871016fb9a3f23"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team on 3 January
2020. The issue was made public on 24 February 2020.</p>
@@ -122,7 +122,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <hashlink hash="8fbe2e9">8fbe2e9</hashlink>.</p>
+ <hashlink hash="8fbe2e962f0ea138d92361921643fe5abe0c4f56"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 25 December 2019. The issue was made public on 24
@@ -141,7 +141,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <hashlink hash="959f1df">959f1df</hashlink>.</p>
+ <hashlink hash="959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 12 December 2019. The issue was made public on 24
@@ -163,7 +163,7 @@
vulnerability.</p>
<p>This was fixed with commit
- <hashlink hash="e19a202">e19a202</hashlink>.</p>
+ <hashlink hash="e19a202ee43b6e2a538be5515ae0ab32d8ef112c"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by William
Marlow (IBM) on 19 November 2019. The issue was made public on 18
@@ -197,7 +197,7 @@
vulnerability that enables this issue to be exploited remotely.</p>
<p>This was fixed with commit
- <hashlink hash="a91d7db">a91d7db</hashlink>.</p>
+ <hashlink hash="a91d7db4047d372b2f12999d3cf2bc3254c20d00"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by An Trinh of
Viettel Cyber Security on 10 October 2019. The issue was made public on 18
@@ -219,8 +219,8 @@
exhaustion and a DoS.</p>
<p>This was fixed with commits
- <hashlink hash="0bcd69c">0bcd69c</hashlink> and
- <hashlink hash="8d14c6f">8d14c6f</hashlink>.</p>
+ <hashlink hash="0bcd69c9dd8ae0ff424f2cd46de51583510b7f35"/> and
+ <hashlink hash="8d14c6f21d29768a39be4b6b9517060dc6606758"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by John
Simpson of Trend Micro Security Research working with Trend Micro's Zero
@@ -246,7 +246,7 @@
blog</a>.</p>
<p>This was fixed with commit
- <hashlink hash="5bc4e6d">5bc4e6d</hashlink>.</p>
+ <hashlink hash="5bc4e6d7b1c22dc1bf99f475b7e70594ebdd83b9"/>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -264,7 +264,7 @@
in a production website.</p>
<p>This was fixed with commit
- <hashlink hash="4fcdf70">4fcdf70</hashlink>.</p>
+ <hashlink hash="4fcdf706f3ecf35912a600242f89637f5acb32da"/>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -299,7 +299,7 @@
<revlink rev="1852722">1852722</revlink>,
<revlink rev="1852723">1852723</revlink>,
<revlink rev="1852724">1852724</revlink> and
- <hashlink hash="60a3af1">60a3af1</hashlink>.</p>
+ <hashlink hash="60a3af1738879ec06fac1ecb8a149608782f7cc9"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by Michal Karm
Babacek from Red Hat, Inc on 4 January 2019 with additional issues
Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Tue Feb 25 15:46:38 2020
@@ -93,11 +93,11 @@
will need to make small changes to their configurations as a result.</p>
<p>This was fixed with commits
- <hashlink hash="0e8a50f">0e8a50f</hashlink>,
- <hashlink hash="9ac9053">9ac9053</hashlink>,
- <hashlink hash="64fa5b9">64fa5b9</hashlink>,
- <hashlink hash="7a1406a">7a1406a</hashlink> and
- <hashlink hash="49ad3f9">49ad3f9</hashlink>.</p>
+ <hashlink hash="0e8a50f0a5958744bea1fd6768c862e04d3b7e75"/>,
+ <hashlink hash="9ac90532e9a7d239f90952edb229b07c80a9a3eb"/>,
+ <hashlink hash="64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad"/>,
+ <hashlink hash="7a1406a3cd20fdd90656add6cd8f27ef8f24e957"/> and
+ <hashlink hash="49ad3f954f69c6e838c8cd112ad79aa5fa8e7153"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team on 3 January
2020. The issue was made public on 24 February 2020.</p>
@@ -115,7 +115,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <hashlink hash="8bfb0ff">8bfb0ff</hashlink>.</p>
+ <hashlink hash="8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 25 December 2019. The issue was made public on 24
@@ -134,7 +134,7 @@
considered unlikely.</p>
<p>This was fixed with commit
- <hashlink hash="060ecc5">060ecc5</hashlink>.</p>
+ <hashlink hash="060ecc5eb839208687b7fcc9e35287ac8eb46998"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by @ZeddYu
on 12 December 2019. The issue was made public on 24
@@ -156,7 +156,7 @@
vulnerability.</p>
<p>This was fixed with commit
- <hashlink hash="1ecba14">1ecba14</hashlink>.</p>
+ <hashlink hash="1ecba14e690cf5f3f143eef6ae7037a6d3c16652"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by William
Marlow (IBM) on 19 November 2019. The issue was made public on 18
@@ -184,7 +184,7 @@
vulnerability that enables this issue to be exploited remotely.</p>
<p>This was fixed with commit
- <hashlink hash="1fc9f58">1fc9f58</hashlink>.</p>
+ <hashlink hash="1fc9f589dbdd8295cf313b2667ab041c425f99c3"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by An Trinh of
Viettel Cyber Security on 10 October 2019. The issue was made public on 18
@@ -206,8 +206,8 @@
exhaustion and a DoS.</p>
<p>This was fixed with commits
- <hashlink hash="7f748eb">7f748eb</hashlink> and
- <hashlink hash="ada725a">ada725a</hashlink>.</p>
+ <hashlink hash="7f748eb6bfaba5207c89dbd7d5adf50fae847145"/> and
+ <hashlink hash="ada725a50a60867af3422c8e612aecaeea856a9a"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by John
Simpson of Trend Micro Security Research working with Trend Micro's Zero
@@ -241,7 +241,7 @@
blog</a>.</p>
<p>This was fixed with commit
- <hashlink hash="4b244d8">4b244d8</hashlink>.</p>
+ <hashlink hash="4b244d827ade2a36ef3b8734939541207b78f35c"/>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -259,7 +259,7 @@
in a production website.</p>
<p>This was fixed with commit
- <hashlink hash="15fcd16">15fcd16</hashlink>.</p>
+ <hashlink hash="15fcd166ea2c1bb79e8541b8e1a43da9c452ceea"/>.</p>
<p>This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
@@ -297,7 +297,7 @@
<revlink rev="1852704">1852704</revlink>,
<revlink rev="1852705">1852705</revlink>,
<revlink rev="1852706">1852706</revlink> and
- <hashlink hash="a1cb1ac">a1cb1ac</hashlink>.</p>
+ <hashlink hash="a1cb1ac77e3a8fec1b00eb0e944842555da14f7d"/>.</p>
<p>This issue was reported to the Apache Tomcat Security Team by Michal Karm
Babacek from Red Hat, Inc on 4 January 2019 with additional issues
Modified: tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl?rev=1874502&r1=1874501&r2=1874502&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl (original)
+++ tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl Tue Feb 25 15:46:38 2020
@@ -359,7 +359,7 @@
<!-- Link to a git hash -->
<xsl:template match="hashlink">
<xsl:variable name="link"><xsl:value-of select="$hashlink"/><xsl:value-of select="@hash"/></xsl:variable>
- <a href="{$link}"><xsl:apply-templates/></a>
+ <a href="{$link}"><xsl:value-of select="substring(@hash, 0, 9)"/></a>
</xsl:template>
<!-- Link to a CVE report -->
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org